AMD has discovered 31 new vulnerabilities in its chips, including the Ryzen and EPYC series. Several mitigation methods for unprotected CPUs have been created, and an update has introduced several types of AGESA (the code discovered while constructing the system’s BIOS and UEFI code).
Ryzen 2000, Ryzen 5000 APUs, Ryzen 2000 APUs, Ryzen 2000 mobile, Ryzen 3000 and Ryzen 5000, as well as server AMD Threadripper 2000 HEDT and Pro and AMD Threadripper 3000 HEDT and Pro, are among the CPU series impacted. In addition, the company has detected 28 vulnerabilities in EPYC processors, with four models labelled as “high severity”.
AGESA updates have been issued to Original Equipment Manufacturers (OEMs) due to the nature of the vulnerability, and patch distribution timings will vary by vendor. Instead of waiting for the firm to release it later, consumers could check the vendor’s official website to see if a new update can be downloaded.
In addition, the company published a paper in partnership with teams from three major corporations: Apple, Google, and Oracle. They’ve discovered one “high severity” vulnerability and two less severe ones that need to be repaired. All vulnerabilities are exploited via the BIOS and ASP bootloader (also known as the AMD Secure Processor bootloader).
These vulnerabilities can be fixed with BIOS upgrades. However, keep in mind that motherboard makers may behave inconsistently. Users must maintain their systems up to date to defend themselves from any assaults.